
#START:authorize
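class AdminController < ApplicationController

  # Every action in this controller runs behind the :authorize filter. The
  # filter is not defined in this file (presumably it is inherited from
  # ApplicationController - confirm), so access control for all actions below
  # depends on it.
  before_filter :authorize
  
  # ....
#END:authorize

  layout "application"

  # NOTE(review): create, update and destroy modify data, but nothing in this
  # file restricts them to POST or checks a request-forgery token. Confirm that
  # routing or ApplicationController enforces both; otherwise a plain link or a
  # cross-site request made in an authorized user's session can trigger them.

  # Default action: loads the product list and renders the 'list' template.
  def index
    list
    render :action => 'list'
  end

  # Loads one page of products through Product.search (defined on the model,
  # not visible here); params[:page] is handed to it unchanged.
  def list
    # Previous implementation, kept for reference:
    #   @product_pages, @products = paginate :products, :per_page => 10
    @products = Product.search(:all, params[:page])
  end

  # Loads a single product by id for display.
  def show
    @product = Product.find(params[:id])
  end

  # Prepares an empty product for the creation form.
  def new
    @product = Product.new
  end

  # Creates a product from the submitted form and redirects to the list, or
  # re-renders the form when saving fails.
  def create
    # NOTE(review): params[:product] is passed to the model as-is, so which
    # attributes a request may set is decided by the Product model's
    # mass-assignment protection, which is not visible here - confirm.
    @product = Product.new(params[:product])
    if @product.save
      flash[:notice] = 'Product was successfully created.'
      redirect_to :action => 'list'
    else
      render :action => 'new'
    end
  end

  # Renders the product search form.
  def query
  end

  # Searches products by the optional prod / band / remark request parameters.
  # Each non-empty parameter adds a bound "like" filter; with no parameters
  # all products are returned.
  def querylist
    clauses = ["1=1"]
    binds = []
    %w[prod band remark].each do |column|
      append_like_filter(clauses, binds, column, params[column.to_sym])
    end

    @products = Product.find :all, :conditions => [clauses.join(" and "), *binds]
  end

  # Renders the customer search form.
  def querycustomer
  end

  # Searches customers by the optional fields nested under params[:customer].
  # Non-admin users are always restricted to their own customers; only admins
  # may choose which user's customers to list.
  def querycustomerlist
    filters = params[:customer]
    # A missing or malformed (non-hash) customer parameter gets the same
    # "query information is incomplete" message instead of an exception.
    unless filters.is_a?(Hash)
      render :text => '<div id="error">查询信息不完整</div>', :layout => true
      return
    end

    clauses = ["1=1"]
    binds = []
    # Absent fields are skipped; previously only :customer was nil-checked and
    # a request without e.g. :contact raised NoMethodError.
    %w[customer contact email country address].each do |column|
      append_like_filter(clauses, binds, column, filters[column.to_sym])
    end

    if admin?
      owner = filters[:user]
      if owner.is_a?(String) && !owner.empty?
        clauses << "user = ?"
        binds << owner
      end
    else
      # Ownership scope: the value comes from the session-side helper
      # cur_user_name, never from the request, and is applied unconditionally.
      clauses << "user = ?"
      binds << cur_user_name
    end

    @customers = Customer.find :all, :conditions => [clauses.join(" and "), *binds]
  end

  # Loads a product for the edit form.
  def edit
    @product = Product.find(params[:id])
  end

  # Applies the submitted attributes to a product and redirects to it, or
  # re-renders the edit form when validation fails.
  def update
    @product = Product.find(params[:id])
    # NOTE(review): same mass-assignment consideration as in create.
    if @product.update_attributes(params[:product])
      flash[:notice] = 'Product was successfully updated.'
      redirect_to :action => 'show', :id => @product
    else
      render :action => 'edit'
    end
  end

  # Deletes a product by id and returns to the list.
  def destroy
    Product.find(params[:id]).destroy
    redirect_to :action => 'list'
  end

  # Helpers stay private so that they are not exposed as controller actions.
  private

  # Adds "<column> like ?" to clauses and the matching %value% pattern to binds
  # when value is a non-empty String; nil, empty and non-string values (arrays
  # or hashes from crafted query strings) are ignored.
  #
  # column must be a literal chosen by the calling code: it is interpolated
  # into the SQL text. The value is always passed as a bound parameter. Note
  # that "%" and "_" typed by the user still act as LIKE wildcards, so the
  # filter can be made to match broadly; it cannot change the statement.
  def append_like_filter(clauses, binds, column, value)
    return unless value.is_a?(String) && !value.empty?
    clauses << "#{column} like ?"
    binds << "%#{value}%"
  end
end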
